COVID-19 and Data Security Risks
Any time there is a crisis, whether environmental, economic, public health, or otherwise, you will see hackers and bad actors attempting to take advantage of the situation. The recent COVID-19 or coronavirus outbreak is no different. There has been a recent uptick in malware attacks and phishing scams related to COVID-19 to try to trick users into granting unauthorized access to work systems and data, or to disclose sensitive information. Especially as more and more employees have begun working remotely from home, many for the first time, there is increased opportunity for security breaches and cyber attacks. We would like to remind everyone to stay safe, not only physically by following the applicable social distancing guidelines, but also by reminding businesses and their employees to follow proper data security protocols, even while working remotely.
As a reminder, businesses should remember to take steps such as:
- Remind employees to verify the source of emails or texts before clicking on links or opening attachments, and that they should never give out their secure login or passwords in response to an email.
- Call and verify wire instructions by phone before sending money.
- Make sure any hosting or other software services used to support remote workers have adequate cyber security protections in place such as encryption, multi-factor authentication, and secure virtual private networks (VPNs).
- Review the privacy policies and practices of any conferencing solutions such as Zoom, Google Hangouts, etc. and make sure employees are trained on how to properly use any such video conferencing or chat services to minimize the risk of accidental disclosure of personal data.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been monitoring the situation and has provided further guidance for risk management of businesses and employers, including technical guidance for telework. See cisa.gov/coronavirus for more information.
If security breaches happen, businesses still may have obligations to those employees and/or clients whose personal information was improperly disclosed or accessed.
Our firm stands ready to serve our clients and friends in these difficult and unprecedented times. While following all federal, state and local government directives and public health and safety protocols, our offices are fully operational, and we remain ready and able to provide service. If you have any questions about the legal issues set forth above including the applicability of, or your compliance with, data privacy and cyber security laws or other implications of COVID-19, please do not hesitate to contact us for help.